this post was submitted on 19 Feb 2024
227 points (97.5% liked)

Privacy

32442 readers
717 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

It seems like the benefits are having the device lock/wipe itself after a set amount of attempts in case of a brute force attack and not having to run software to decrypt the drive on the device you plug it into.

I included a picture of the IronKey Keypad 200 but that's just because it's the first result that came up when I was looking for an example. There seem to be a few other manufacturers and models out there and they probably have different features.

I am curious what do you think of them? Do you think they are useful? Do you find it more a novelty?


It was an ExplainingComputers video titled Very Useful Small Computing Things that made me think of them.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 10 months ago (1 children)

No. That xkcd (not loading but I assume it is the password one?) is not relevant. Because you can't make a meaningful and easy to remember mnemonic out of a numeric password. That is WHY a purely numeric password is bad for anything that needs security. They are great for 2fa but the unique key should still be the other device.

And all of your good codes are similarly easy to social engineer out, are screwed the moment it is compromised once, or are literally reading off a sticky note.

Which gets back to these kinds of devices largely being security theatre. Because there is no good use case for them that wouldn't also involve encrypting the data/volume after you pin in. At which point... why waste money on something conspicuous with an easy to crack code?

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago) (1 children)

I included it because passwords don't need to be hard to remember. If they make sense to you and have a bit of thought behind them they can be just as secure.

I am not saying these codes are perfect but if they are the weakest link in your network of security it's a decent start. Someone could be trying to get your passcode for days but unless they see you checking something like the bar code of a notebook before you have it memorized they could spend months guessing before realizing a segment of your passcode is the number of a pizza place in your hometown. It's not exactly something that's going to come up naturally.

I mentioned it in another comment but they also lock you out after a set number of attempts preventing brute force attacks.

I am not saying they aren't overpriced for what you are getting ($100 for 8GB) and considering the other options that are available but I doubt they are significantly easier to crack than a smartphone

[–] [email protected] 0 points 10 months ago (1 children)

Look up how hard it is for humans to remember long strings of numbers. That is WHY ICQ (and eventually phone numbers) were dropped almost immediately in favor of social media and the ability to exchange numbers just by tapping phones.

And in the time it would take to memorize a bar code (12-ish digits, depending on standard) you likely should be rotating that password anyway. And in the time it would take to memorize it you are also very blatantly reading off a sticky note as you "discretely" look at your notebook every time you want to access your password database in public. And if you aren't in public? Why go through these extra steps when there are much better ways to secure this that are a lot more obvious if they are tampered with.

I get that a youtuber you like talked about this. Youtubers talk about a lot of stupid products in the interest of making Content. But maybe listen to the people who have experience with this kind of hardware and the kind of security theatre policies that make them "a good idea".

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago)

I get that a youtuber you like talked about this. Youtubers talk about a lot of stupid products in the interest of making Content. But maybe listen to the people who have experience with this kind of hardware and the kind of security theatre policies that make them "a good idea".

I think you might be confused. I'm not saying these devices are good. I started the post by asking if people thought they were a novelty. I just don't think it's as black and white as you are making it out to be and we got off on a tangent about passwords.

I think often enough people have a few numbers memorized that they can use and a lot of the time they're going to be too obscure to social engineer. I don't think you could do some CSI Miami style deduction to easily find out a passcode that's over ten digits in length.

I will admit you could probably brute force it and it's going to take less time than an alpha numeric password.